sendmail vulnerability
Paul Iadonisi
pri.nhlug at iadonisi.to
Wed Mar 5 21:43:29 EST 2003
On Tue, 2003-03-04 at 17:47, Jon maddog Hall wrote:
> You should also mention that RedHat 8.0 is not susceptible to this bug.
Um, I beg to differ. At least according to the advisory. Quoting the
advisory (at http://lwn.net/Alerts/24201/):
-=-=-=
All users are advised to update to these erratum packages. For Red Hat
Linux 8.0 we have included Sendmail version 8.12.8 which is not
vulnerable to these issues. For all other distributions we have
included a backported patch which corrects these vulnerabilities.
-=-=-=
That to me says that they have provided an upgraded version of
sendmail (from 8.12.5 which is vulnerable to 8.12.8 which is not
vulnerable) for Red Hat 8.0. The 'which is not vulnerable' refers to
the newer version of sendmail, not to Red Hat 8.0. Errata for all other
releases are not version 8.12.8 of sendmail, but rather a backported
patch of the older sendmail included with those releases.
--
-Paul Iadonisi
Senior System Administrator
Red Hat Certified Engineer / Local Linux Lobbyist
Ever see a penguin fly? -- Try Linux.
GPL all the way: Sell services, don't lease secrets
More information about the gnhlug-discuss
mailing list